All,
I'd like to extend the 'Status Server' Reply Message with the admins contact
information
Does anybody has an advice or a readme?
My environment:
SuSe 8.1, FreeRADIUS 0.8.1
Test with NTRadPing
Thanks
Stefan
-
List info/subscribe/unsubscribe? See
Dear all,
Here I have successed to run freeradius on mips platform. But it seems cannot
process eap-tls transaction. I use the same server cert, key, cacert, client cert,
client key on X86 and mips. But X86 can accept the transaction and mips cannot. And
show the following messages.
How can I use Interbase with FreeRADIUS
Thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
A while back we talked about TTLS support for FreeRadius: I think we all
agreed that TTLS is interesting, but since it's still a draft and there
were no free supplicants available, there was no TTLS support planned
for FreeRadius (in that there is nobody actively working on it).
Of
Hello,
In the Changelog I just saw that:
Dictionaries are now in /usr/local/share/freeradius
But for what I saw in the sources (cvs snapshot from 20030324),
dictionnaries are installed in /usr/local/share/freeradius but read from
/etc/raddb which leads to an error and radiusd not starting.
I
hi
what you've sent is the following:
eap response identity
md5 challenge
then new eap response identity
and new challenge issued by the server
take a look at the EAP-Message attribute to approve this.
so, from the server's point of view there was no problem. however, it
never received the
When compiling freeradius-0.8.1 with experimental modules it says:
couldn't find persistent.pl.
Where can I find it?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
At 05:01 PM 3/26/2003, you wrote:
I have the ldflag in the proxy.conf file set to round_robin on all of the
realms we have but the system is not doing a round robin on the servers.
Has anyone got any idea why this might happen or am I using the wrong flag?
What version of FreeRADIUS are you
On _2003-03-27 at 14:48, Eric wrote:
When compiling freeradius-0.8.1 with experimental modules it says:
couldn't find persistent.pl.
Where can I find it?
it is fixed in cvs. Try getting the source from cvs.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
I'm wondering if anyone has the idea of the 0.9 release schedule ? I am
on a project and I would want to use 0.9pre features (like round robin
and Acct-Type): I don't know if I can wait for a release or if I should
go with a CVS version.
This is just to have an idea of timing: should it
On Thu, 27 Mar 2003, Paul Popescu wrote:
I'm terribly sorry, but i have to repost this message, as in more than a
week i didn't even receive a RTFM or something... Maybe it didn't even
reach the list, so here it is, the original message:
I am using freeradius 0.8.1 as a radius server for
Hello Boian,
Excuse me, can you tell me-where this cvs located.
Because I don't know - this is some website?
Thursday, March 27, 2003, 7:07:36 PM, you wrote:
BJ On _2003-03-27 at 14:48, Eric wrote:
When compiling freeradius-0.8.1 with experimental modules it says:
couldn't find
Yes.
Accounting packets are proxied, but they are also sent to the local server, filling
up the database... I have sql listed in accounting section, and i have to list it
there because the local clients' sessions have to be recorded in the database.
freeradius mailing list wrote:
On Thu, 27 Mar
Hello,
I want to create a dial-In between two Cisco routers.
The Cisco router 3640 authenticate against the radius server.
The problem I have is the router 1600 can do an Chap
Challenge against the 3640.
The 3640 want to make the chap challenge but he
missed the password
On Thursday 27 March 2003 07:29, Christophe Boyanique wrote:
Hello,
In the Changelog I just saw that:
Dictionaries are now in /usr/local/share/freeradius
But for what I saw in the sources (cvs snapshot from 20030324),
dictionnaries are installed in /usr/local/share/freeradius but read from
I am using the dialup_admin but the online users option is not working i
have it set to read the radacct per the instructions in the admin.conf
anyone have any experiance with this?
--
Travis M. Best Systems Administrator
SunQwest Internet Services
1040 Walnut St
Sunbury, PA 17801
Phone:
At 19:47 26/03/2003 +0300, you wrote:
Dear Guy Warner,
This line simply notifies you there is no authentication schema may be
used for packet (for MS-CHAPv1 both LM and NT authentication is
available, for MS-CHAPv2 only NT and it fails in your case). Packet
corruption is most
Title: InternetSeer Alert
Advanced Monitoring
24/7 Tech Support
SecuritySeer
You should have /etc/raddb/dictionary which includes
/usr/local/share/freeradius/dictionary. Check the raddb/dictionary
file from that snapshot to verify.
Ok my mistake: I deleted dictionnary files from /etc and copied the new
one in /usr/share/freeradius.
Next time I'll double check things
Hi!
Searching the archives I found a single posting about downloadable ACL's
for Cisco PIX firewall.
Is it possible to use group-based downloadable ACL's with FreeRadius
together with the PIX firewall ? If yes, has someone put together a
walk-through or a small description on how to configure
Kevin Bonner [EMAIL PROTECTED] wrote:
You should have /etc/raddb/dictionary which includes
/usr/local/share/freeradius/dictionary. Check the raddb/dictionary file
from that snapshot to verify.
Oh, it works in the snapshot. But if you've previously installed
the dictionaries in /etc/raddb,
Ron Wahler [EMAIL PROTECTED] wrote:
What's really weird is that I now can get the RP_GROUP_NAME attribute
but
Only when I set another attribute called SERVICE_TYPE ...
I'm not sure I have an explanation for that. The code in rlm_exec
(and src/main/exec.c) is pretty dumb, and *shouldn't* be
Martin Shears [EMAIL PROTECTED] wrote:
Is anyone using rlm_perl?
A few people do.
I notice it is still experimental so am very hesitant to put it on a
production system but I would be interested to know how successfull it has
been and how efficient it is memory/cpu wise.
It's not as
0.8.1
-Original Message-
From: Chris Brotsos [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 27, 2003 8:00 AM
To: [EMAIL PROTECTED]
Subject: Re: Round Robin
At 05:01 PM 3/26/2003, you wrote:
I have the ldflag in the proxy.conf file set to round_robin on all of
the
realms we have but
My /usr/local/etc/rc.d/radius.sh file content:
#!/usr/local/bin/bash
#
# Start FreeRadius Damon
radiusd -A -y
My radiusd.conf file content
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
I've changed to:
log_auth = yes
log_auth_badpass = yes
and now I am getting log for login
Alan,
Should the code always generate Value pairs for all the attributes
in the rlm_exec module ? Is there anything I can add to help debug
this ?
Ron.
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 27, 2003 4:30 AM
To: [EMAIL PROTECTED]
Subject:
Paul Popescu [EMAIL PROTECTED] wrote:
Is there a way to get the server to only send accounting information to
sql when the user is in a specific realm?
Not really. In the short term, your best bet would be minor code
modifications. Version 0.9 (or the CVS head) should allow this, via
the
Stefan Auweiler [EMAIL PROTECTED] wrote:
I'd like to extend the 'Status Server' Reply Message with the admins =
contact
information
Does anybody has an advice or a readme?
Source code modifications. See 'src/main/radiusd.c'
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Christophe Boyanique [EMAIL PROTECTED] wrote:
I'm wondering if anyone has the idea of the 0.9 release schedule ? I am
on a project and I would want to use 0.9pre features (like round robin
and Acct-Type): I don't know if I can wait for a release or if I should
go with a CVS version.
Pick a
Guy Warner [EMAIL PROTECTED] wrote:
Thanks for all your help so far. Given then that no authentication schema
is available is this because of a invalid MS-CHAP-Challenge and
MS-CHAP2-Response pair. If so is there any software to manually generate
the pairings so that the server can be
Gene Parks [EMAIL PROTECTED] wrote:
...
Round robin doesn't work in 0.8.1. Use the latest CVS snapshot.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Paul Dekkers [EMAIL PROTECTED] wrote:
Of course, TTLS is /still/ a draft, but today there /are/ free
supplicants available!
...
Does this make any difference in the development of TTLS support in
FreeRadius? (I hope so, of course :-))
Sure. It means that whoever develops it will be able
Ron Wahler [EMAIL PROTECTED] wrote:
Should the code always generate Value pairs for all the attributes
in the rlm_exec module ?
Yes.
Is there anything I can add to help debug this ?
Poke at rlm_exec.c, and print out the list of attributes
('input_pairs') it's passing to
Hi all,
Just a quick question before I go much deeper.
Is it possible to authenticate a dial-up with freeradius based not just on
username/password, but also phone number called from (ie only allow dial-in
from one particular number per customer).
If so can anyone please point me to a faq, etc (I
Alan,
Any chance you could put a configuration switch into the exec module
that would control when the program is executed ?
Execute = ON_ACCESS_ACCEPT or ON_ACCESS_REJECT or ALWAYS_EXECUTE
Regards,
Ron Wahler
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Hi Guy using the NAS to test with can be painfull. Here's what I do with
radclient.
radclient -f radtst-2.txt -x 127.0.0.1 auth testing123
Contents of file radtst-2.txt:-
NAS-IP-Address = 10.3.1.252
NAS-Port = 1
NAS-Port-Type = Async
User-Name = barney
Hmmm . . . I feel like I'm talking to myself here - but this is a
problem that may need some attention. This issue will be more pertinent
I think if people begin to use later versions of openldap not only as
collocated servers but simply to supply the liblber and other ldap
libraries to allow
Alan DeKok wrote:
Josh Howlett [EMAIL PROTECTED] wrote:
The sole objective, at least from where I'm standing, is to pass
information about a user from a database (or equiv.) to apache.
to *where* in Apache?
How do I take information from a RADIUS attribute, and magically
place it
Check page 38 in the Radius book.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Keith
Ballard
Sent: Thursday, March 27, 2003 11:30 AM
To: [EMAIL PROTECTED]
Subject: Authentication
Hi all,
Just a quick question before I go much deeper.
Is it
I am trying to get the rlm_sqlcounter module working in freeradius-0.8.1
and am have a bit of trouble. It appears that the module is not
querying the sql database...
When running radius -X, I get the following:
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check
From: Jeffery Huang
Here I have successed to run freeradius on mips
platform. But it seems cannot process eap-tls transaction. I
use the same server cert, key, cacert, client cert, client
key on X86 and mips. But X86 can accept the transaction and
mips cannot. And show the
Mark Lavi [EMAIL PROTECTED] wrote:
2) through the authentication module to the server environment as a
variable or a set of variables.
There is a document for Environment Variables in Apache (1.3x)
http://httpd.apache.org/docs/env.html, which discusses high level
usage in the server and
[ -x /usr/local/sbin/radiusd ] /usr/local/sbin/radiusd echo -n
FreeRadius echo -n
Worked.
Quoting Squirrel User [EMAIL PROTECTED]:
My /usr/local/etc/rc.d/radius.sh file content:
#!/usr/local/bin/bash
#
# Start FreeRadius Damon
radiusd -A -y
My radiusd.conf file content
I'm trying create a setup where I reject calls to certain numbers if the
request is proxied. Basically I don't want people in the local calling
area using a modem aggregation service, I want them to use my modems.
My first thought was to use an attr filter along the lines of:
foo
Spike Ilacqua [EMAIL PROTECTED] wrote:
I'm trying create a setup where I reject calls to certain numbers if the
request is proxied.
Do you mean is being proxied, or was proxied to me?
Those are two different questions.
Basically I don't want people in the local calling area using a
DEFAULT Proxy-State =* ANY, Called-Station-ID =~ ^303, Auth-Type := Reject
Reply-Message = Use MY modems, you evil person!
Thanks that's exactly what I needed! Especially the reply message ;)
-
List info/subscribe/unsubscribe? See
Try adding the full path to radiusd in your startup script. That is
probably why its not working.
for example,
/usr/local/sbin/radiusd -A -y
The radacct is for radius accounting packets. That is a whole seperate
instance. The things you changes will make you log authentication. Once
the
Add that to the users file.
username User-Password == whatever, Calling-Station-Id == 333-
something like that. It will look for all three variables before finding
a match.
On Thu, 27 Mar 2003, Keith Ballard wrote:
Hi all,
Just a quick question before I go much deeper.
Is it
I haven't tried yet, am using 2.0.25 right now. I have a test machine
available will give it a shot one of these days.
On Thu, 27 Mar 2003, Mike Denka wrote:
Hmmm . . . I feel like I'm talking to myself here - but this is a
problem that may need some attention. This issue will be more
For more info.
Here is the RFC on authentication
http://www.freeradius.org/radiusd/doc/rfc/rfc2865.txt
Here is the RFC on accounting
http://www.freeradius.org/radiusd/doc/rfc/rfc2866.txt
Hope that helps.
-Dustin Doris
On Thu, 27 Mar 2003, freeradius mailing list wrote:
Try adding the full
Are there any known issue with Groups on BSD based systems (BSDI,
FreeBSD, or OSX). I'm trying to use:
DEFAULTGroup == staff, Auth-Type := Reject
Reply-Message = Access Denied!
But members of group staff are happily allowed in. I'm running 0.8.1
on BSDI with caching disabled
These Chicks Have Cooters and Weiners
They Are Using All The Tools God Gave Them
They Can Even Use Them All On Them Selves
A Must See
http://redir.impulsive.com/redir?id=2928u=517364333b=6182
brWe appreciate your patronage, and thank you for opting in.To cancel your
subscription to
That would be great! My C is very weak, I am a Perl programmer :)
In that case I might have a play with it, it allows me to customise much
flexibility and solve some problems quite simply because I can link into our
billing system which is perl/mysql.
Keep up the good work!
Cheers
Martin
an example users entry might be:
usernamePassword == testing123,
Calling-Station-ID == 12345678
Framed-MTU = 576,
Service-Type = Framed-User
If you read into the users file format, you will see you have the identifier
(username,group), check items and reply
Okay, that is probably why it won't do it.
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 27, 2003 6:41 AM
To: [EMAIL PROTECTED]
Subject: Re: Round Robin
Gene Parks [EMAIL PROTECTED] wrote:
...
Round robin doesn't work in 0.8.1. Use the latest
On Thu, 27 Mar 2003, Mike Denka wrote:
Hmmm . . . I feel like I'm talking to myself here - but this is a
problem that may need some attention. This issue will be more pertinent
I think if people begin to use later versions of openldap not only as
collocated servers but simply to supply the
On Thu, 27 Mar 2003, Travis Best wrote:
I am using the dialup_admin but the online users option is not working i
have it set to read the radacct per the instructions in the admin.conf
anyone have any experiance with this?
Are you sure accounting is working correctly?
Try enabling sql debug
FreeBSD 5.0 and FreeRadius 0.8.1, worked fine with radtest so decided to do
a live test in production and almost got fired.
I'm getting the error messages below, and dialup users can login. But seems
ISDN users on max3 are logging in fine. Also, don't have problem with DNS as
it says can't
Might I suggest daemontools to start and stop and log your radius server
as it does all of this and you can control it a little better.
Gene
-Original Message-
From: Squirrel User [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003 6:20 PM
To: [EMAIL PROTECTED]
Subject: autostart
If you are using a Redhat system or similar the scripts you put in
/etc/rc.d/init.d/ do NOT run automatically UNLESS there exists symbolic links
in the various /etc/rc.d/rcX.d/ directories with SXXradiusd and KXXradiusd to
the init.d script where XX is a priority and X is a runlevel. If you do
hi all,
i have a very strange problem:
i used freeradius 0.8.1 and with the following parts of radiusd.conf:
authorize {
preprocess
fixusername1 fixusername2
suffix files}authenticate
{
authtype
LDAP{
redundant
{
LDAP1
LDAP2
} }
}
in users:
DEFAULT Ldap-Group == "disable", Auth-Type
On _ 2003-03-28 at 06:44, Martin Shears wrote:
Just installed freeRADIUS from daily cvs snapshot 20030327. I notice the
rlm_perl has changed, so has the example file. I can install and start
freeRADIUS but it gives a segmentation fault when running radtest on it.
There is bug or typo
62 matches
Mail list logo